Discussion:
Unable to get certificate CRL
Daniel Marschall
2009-10-25 15:21:17 UTC
Permalink
Hello.

I have a problem with verification of certificates.

I have a root, a intermediate and a client certificate. Every
certificate has CRL information (client shows the intermediate CRL).

The chain is:

ViaThinkSoft Root Certificate Signing Authority (CRL: Root)
- ViaThinkSoft Intermediate Client Certificate Authority (CRL: Intermediate)
- - Daniel Marschall (CRL: Intermediate)

At the verification process I get 2 types of errors
1. Issuer subject name errors
2. A CRL-Retriving error

How can I solve these errors?

Here is my command line:

cat root.crt > tmp_cachain.pem
cat intermediate.crt >> tmp_cachain.pem
openssl verify -verbose -issuer_checks -crl_check_all -CAfile
tmp_cachain.pem daniel-marschall.crt

The result is:

daniel-marschall.crt:
/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Developers/CN=Daniel
Marschall/emailAddress=info-KZokrNs00LWL+GTGvn3LkxvVK+***@public.gmane.org
error 29 at 0 depth lookup:subject issuer mismatch

/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Developers/CN=Daniel
Marschall/emailAddress=info-KZokrNs00LWL+GTGvn3LkxvVK+***@public.gmane.org
error 29 at 0 depth lookup:subject issuer mismatch

/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Developers/CN=Daniel
Marschall/emailAddress=info-KZokrNs00LWL+GTGvn3LkxvVK+***@public.gmane.org
error 29 at 0 depth lookup:subject issuer mismatch

/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Intermediate
Client Certificate Authority/CN=ViaThinkSoft Intermediate Client
Certificate Authority/emailAddress=certmaster-D5/***@public.gmane.org
error 29 at 0 depth lookup:subject issuer mismatch

/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Developers/CN=Daniel
Marschall/emailAddress=info-KZokrNs00LWL+GTGvn3LkxvVK+***@public.gmane.org
error 3 at 0 depth lookup:unable to get certificate CRL

The CRL URIs are stored in the certificates. I expect that the verify
tool downloads the CRLs to simulate if the verification process would
work at the client's side.

My OpenSSL version is OpenSSL 0.9.8c 05 Sep 2006 (CANNOT change!)

Can you please help?

My tmp_cachain.pem is:

-----BEGIN CERTIFICATE-----
MIIKqzCCCJOgAwIBAgIBADANBgkqhkiG9w0BAQUFADCB5zELMAkGA1UEBhMCREUx
GzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBxMJQmFtbWVudGFs
MRUwEwYDVQQKEwxWaWFUaGlua1NvZnQxKzApBgNVBAsTIlJvb3QgQ2VydGlmaWNh
dGUgU2lnbmluZyBBdXRob3JpdHkxODA2BgNVBAMTL1ZpYVRoaW5rU29mdCBSb290
IENlcnRpZmljYXRlIFNpZ25pbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpj
ZXJ0bWFzdGVyQHZpYXRoaW5rc29mdC5kZTAeFw0wOTEwMjUxNDIzMjVaFw0zNDA2
MTYxNDIzMjVaMIHnMQswCQYDVQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0
ZW1iZXJnMRIwEAYDVQQHEwlCYW1tZW50YWwxFTATBgNVBAoTDFZpYVRoaW5rU29m
dDErMCkGA1UECxMiUm9vdCBDZXJ0aWZpY2F0ZSBTaWduaW5nIEF1dGhvcml0eTE4
MDYGA1UEAxMvVmlhVGhpbmtTb2Z0IFJvb3QgQ2VydGlmaWNhdGUgU2lnbmluZyBB
dXRob3JpdHkxKTAnBgkqhkiG9w0BCQEWGmNlcnRtYXN0ZXJAdmlhdGhpbmtzb2Z0
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzmprzkEs1EQM0OQA
oP3p19BqyzV4cyKtYPpN1oxqVXZHrh1rI+ndMIPLRQ/bDCDy/XkJR6UGHihz7ngo
Fj6uNsTg3SuyHJutj3rw77R5UtqH7SsDzXj/gpUwDyiHN0/fc7pbEu/6KEugZSYb
F/x9JK9wq6o/e541upJ0pxfND7rc2iWIcyGWsr2I3omuSbLA/LobzKEPiWosMjTy
db0HxcrKC5pb7vvB8uBygryDJIDaW8S/wefXVOyj7dVdDoDm3RcB/QCZlT678mTL
hCQ5moVllZW9etqN74WLdXv3jS2SC1E39nkGjhECnoWvOlk/waRokmlSDzGb+QbJ
br/2F3iwgiAUsYtCCyae4FGKWURVfTyVuIZTHFKfWQQCosPPrdiij+tEvWgdFNvN
W9dbVsUtRfjfhMgahlepVtT3HYpr92+JotYdGvF3fiA8OoH/re9q3m8Y8GGXBkPo
jSqCPVl68AfttlbTUTIVpofsjdPOlQ5paxVFCuUkiPgq9N7UKni/I4K4l5SsS4XS
7tBA5CKEzXfxuoEN8THfF6ymPEKiBrnTwm1Ulkc6uM5+8BBrbAQCtlO+GHIuE5sI
TksX+hpazbMegoVg08KuDNih30af4UItRY4IshNBUvQmjLYgtXBEwLJqcpCy8tCb
UVhZnw4tqc0czRj1PVrMIUIo0V0CAwEAAaOCBF4wggRaMB0GA1UdDgQWBBTXTW0w
GMN2N7SmyanHRhF1jNKXODCCARYGA1UdIwSCAQ0wggEJgBTXTW0wGMN2N7SmyanH
RhF1jNKXOKGB7aSB6jCB5zELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1
ZXJ0dGVtYmVyZzESMBAGA1UEBxMJQmFtbWVudGFsMRUwEwYDVQQKEwxWaWFUaGlu
a1NvZnQxKzApBgNVBAsTIlJvb3QgQ2VydGlmaWNhdGUgU2lnbmluZyBBdXRob3Jp
dHkxODA2BgNVBAMTL1ZpYVRoaW5rU29mdCBSb290IENlcnRpZmljYXRlIFNpZ25p
bmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpjZXJ0bWFzdGVyQHZpYXRoaW5r
c29mdC5kZYIBADAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjCBjgYDVR0l
BIGGMIGDBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYI
KwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEGCisG
AQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEAQYIKwYBBQUHAwkwJQYDVR0R
BB4wHIEaY2VydG1hc3RlckB2aWF0aGlua3NvZnQuZGUwJQYDVR0SBB4wHIEaY2Vy
dG1hc3RlckB2aWF0aGlua3NvZnQuZGUwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDov
L3d3dy52aWF0aGlua3NvZnQuZGUvY2EvY3JsL3Jvb3QuY3JsMBEGCWCGSAGG+EIB
AQQEAwIABzA0BglghkgBhvhCAQMEJxYlaHR0cDovL3d3dy52aWF0aGlua3NvZnQu
ZGUvY2EvcmV2b2tlLzA5BglghkgBhvhCAQQELBYqaHR0cDovL3d3dy52aWF0aGlu
a3NvZnQuZGUvY2EvY3JsL3Jvb3QuY3JsMDQGCWCGSAGG+EIBCAQnFiVodHRwOi8v
d3d3LnZpYXRoaW5rc29mdC5kZS9jYS9wb2xpY3kvMC0GCWCGSAGG+EIBAgQgFh5o
dHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS8wfAYIKwYBBQUHAQEEcDBuMDQG
CCsGAQUFBzABhihodHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS9vY3NwL3Jv
b3QvMDYGCCsGAQUFBzAChipodHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS9j
cnQvcm9vdC5jcnQwOQYJYIZIAYb4QgEHBCwWKmh0dHA6Ly93d3cudmlhdGhpbmtz
b2Z0LmRlL2NhL2NydC9yb290LmNydDBDBgNVHSAEPDA6MDgGAQAwMzAxBggrBgEF
BQcCARYlaHR0cDovL3d3dy52aWF0aGlua3NvZnQuZGUvY2EvcG9saWN5LzANBgkq
hkiG9w0BAQUFAAOCAgEAkv/dFhQaFKP5MfeNAdX+wIbsn2ceAYk8kwhDkZ/FjO62
Mst+igucTrs6C8YTeLjuZNXWdpq/9uagtu6QNyIE3DlLjzZhUf3dvYtUFwj85236
7dO1giEUyoox+XIHwWIMhvQTpdQP66IXfsFSRkCAX2fDyvk/IcL+wXG8Fz2PMotd
iTh8WrxU853OXFK6w2S5STqBoHMOqhqLkwwAalThs/E2Ainp8xrHEBnEnIDDJWYC
vVU+q3oT0AvlMd52KFwN80ZZbzrJu6zdacuJZd32JTFG9589Gp2f/ZKdCFykKlju
of7onNBltyEsV/9w35A1A5h/eQqw/J5tg16Na2Xsaab00+t7GcM027pGpMvzzDjW
O7XShcbF/QtM4k4Ze8WrVYKPpFac31MSWYmu2g41FEBbBvzVFgG7A+USW2UJtAlq
Gk/ix7uoOjfSIAiQE6Xn6PLkpScGyoNiqCcQwEIzIwWeGi++HKbpEO9KIa39kIo6
GlESuU5A0ia9cPKp8NHbv1n7G6+F/YCooFxjvfUMR1F+T0Cm2uPVVMJMQfV4kHIt
G9e22XJLHk3wm1mpal293qiM8A7em4TfigczcMQjOc3Y67OSNZCF0PKM0MpaUK9J
kckK/Dh6yOH8POx+aY73qJThrwYdE1ak/ml1u2X7ml0nwahQLGdpaCbEtEXvtNE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIKijCCCHKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCB5zELMAkGA1UEBhMCREUx
GzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBxMJQmFtbWVudGFs
MRUwEwYDVQQKEwxWaWFUaGlua1NvZnQxKzApBgNVBAsTIlJvb3QgQ2VydGlmaWNh
dGUgU2lnbmluZyBBdXRob3JpdHkxODA2BgNVBAMTL1ZpYVRoaW5rU29mdCBSb290
IENlcnRpZmljYXRlIFNpZ25pbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpj
ZXJ0bWFzdGVyQHZpYXRoaW5rc29mdC5kZTAeFw0wOTEwMjUxNDI0MDZaFw0zNDA2
MTYxNDI0MDZaMIH1MQswCQYDVQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0
ZW1iZXJnMRIwEAYDVQQHEwlCYW1tZW50YWwxFTATBgNVBAoTDFZpYVRoaW5rU29m
dDEyMDAGA1UECxMpSW50ZXJtZWRpYXRlIENsaWVudCBDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkxPzA9BgNVBAMTNlZpYVRoaW5rU29mdCBJbnRlcm1lZGlhdGUgQ2xpZW50
IENlcnRpZmljYXRlIEF1dGhvcml0eTEpMCcGCSqGSIb3DQEJARYaY2VydG1hc3Rl
ckB2aWF0aGlua3NvZnQuZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQDG98FYiC6ugK1c7sjNIKjmqrmiEqcc11zJhC+qkEUbl8yp9q8zRBzaXSVoFYG7
+aESdau1MPJWcbIuXjTeSf66wCZwiF8QY8e8to5b/o5QE5VHwJyCH609zBXJlwDK
+0kQHeTIOproiVXHUiyhUrY0cSuoPvqXaxFZtb6cIkYXh/IbOd2lI4ENNomH+oxV
Zs10tEISGuOXN3RarPizq2dCDbl3RWHWtPJW7LCK4O8WVO/4FrSFTQQArx2jSG+0
8VXoXuFRCjyjXVn/3+QDFjJYUUsYqz6thQidqLsUGKmhucaF2dGA21w/S86crcQm
0n4mef3lnMUjchNQFlQXfKIlzyUJIDVQ+uu1YGAt3+FeOHyqzi48ZjuVQ1bNxCnl
XGqInbqHopUc9FDgnZOptupV+OKtWX/Xpqk84ikbbvhzuoqnFNILNKcXmEcK49Rr
anpdatSKtseN0NKycHGf//8khNWHjGRoFqAUaL0WeNW9i8XGBMBqTVVfStYdjqT9
H8OHgsIS4KCSbeRdrfCib20UUnC98tS8FGk+QUIrcc/2O5cSra8TnqlXbl1/1LYi
/TbAZ/LAexUUuKCej6cwNA07avNLSsWogSNGTBCiLo3VaWNIgGrhNYnGsQhMg/++
X1OuGmIqqylk0ULdvUFyVBdEnSJXFwdg4Vc4MGUp/slizQIDAQABo4IELzCCBCsw
HQYDVR0OBBYEFCPJ71NtqCw2JN6KONc6TCqHaKIgMIIBFgYDVR0jBIIBDTCCAQmA
FNdNbTAYw3Y3tKbJqcdGEXWM0pc4oYHtpIHqMIHnMQswCQYDVQQGEwJERTEbMBkG
A1UECBMSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHEwlCYW1tZW50YWwxFTAT
BgNVBAoTDFZpYVRoaW5rU29mdDErMCkGA1UECxMiUm9vdCBDZXJ0aWZpY2F0ZSBT
aWduaW5nIEF1dGhvcml0eTE4MDYGA1UEAxMvVmlhVGhpbmtTb2Z0IFJvb3QgQ2Vy
dGlmaWNhdGUgU2lnbmluZyBBdXRob3JpdHkxKTAnBgkqhkiG9w0BCQEWGmNlcnRt
YXN0ZXJAdmlhdGhpbmtzb2Z0LmRlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD
VR0PBAQDAgEGME0GA1UdJQEB/wRDMEEGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYB
BAGCNwoDBAYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEFBQcDCTAlBgNVHREE
HjAcgRpjZXJ0bWFzdGVyQHZpYXRoaW5rc29mdC5kZTAlBgNVHRIEHjAcgRpjZXJ0
bWFzdGVyQHZpYXRoaW5rc29mdC5kZTA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8v
d3d3LnZpYXRoaW5rc29mdC5kZS9jYS9jcmwvY2xpZW50LmNybDARBglghkgBhvhC
AQEEBAMCAQYwNAYJYIZIAYb4QgEDBCcWJWh0dHA6Ly93d3cudmlhdGhpbmtzb2Z0
LmRlL2NhL3Jldm9rZS8wOwYJYIZIAYb4QgEEBC4WLGh0dHA6Ly93d3cudmlhdGhp
bmtzb2Z0LmRlL2NhL2NybC9jbGllbnQuY3JsMDQGCWCGSAGG+EIBCAQnFiVodHRw
Oi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS9wb2xpY3kvMC0GCWCGSAGG+EIBAgQg
Fh5odHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS8wfgYIKwYBBQUHAQEEcjBw
MDYGCCsGAQUFBzABhipodHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS9vY3Nw
L2NsaWVudC8wNgYIKwYBBQUHMAKGKmh0dHA6Ly93d3cudmlhdGhpbmtzb2Z0LmRl
L2NhL2NydC9yb290LmNydDA7BglghkgBhvhCAQcELhYsaHR0cDovL3d3dy52aWF0
aGlua3NvZnQuZGUvY2EvY3J0L2NsaWVudC5jcnQwSwYDVR0gBEQwQjAGBgRVHSAA
MDgGAQAwMzAxBggrBgEFBQcCARYlaHR0cDovL3d3dy52aWF0aGlua3NvZnQuZGUv
Y2EvcG9saWN5LzANBgkqhkiG9w0BAQUFAAOCAgEAijxbdLlgXmh1mtKim6v6JkWb
PmYaryCEkJI1hYNF4/4UpPxk2glhwAzA+fO9GWo3ta0c00ocmqXOZ3ZQZ4yD0Li3
ALbctFVT/GsDEIHYA9hm7R29w9nja2xVFf/PADnF8LXdP4Avk39U3mdUvm8X9D5F
SMjE8abFniXTF1niFxjHfj+AgKb0FpuIsNj5rxnGIvVRcDkmpvl1xok7u7+/0xzr
dEBcQZeiCnWy16PnC6DIVeQ8gytyT13YAGnG6R/nPNJB24s2jMH9IhWTw+1XYg78
/MubRAfGsGx3cJnbi7oLhyDYcHV8k6Kf4c/qkJLo5dBEmv6YqML/bXyXRXvFcQ92
kwLA/esntMaJjCuskiLm4aJveMHydHBtJvmHACnQt2LpEZoeZWSZrJebIrTgFlM0
8NNyeCug6+sDpWezhOoQwHXzZekOPKjwctP4PIma7ybgQ/sHoqhR1S9dm10mCmfM
nKFSQYKpMxAlFjaeIcIQa42fOzQv7k7FNs1V7xPSrZjmC6OJ7XTkJw7CAbeOOsmD
G4CVKbET4wW+ugx6GHF7yaM+CiE2CG6OuOH9A0kGKheO5IM2uKSlddZZCOHuMTxc
BWibFPJ8IcoHwlQgCB69P0283P9Mo8ZyyH5JrIaSP3HhbW0Vvj1wuv6KEm8247ZC
ie14uy60mJTLVnaxerg=
-----END CERTIFICATE-----



PS: Is OCSP not checked with the verify tool?

Best regards
Daniel Marschall
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Daniel Marschall
2009-10-25 16:55:10 UTC
Permalink
Nevermind. I have found the error #1. By appending the CRLs to the
CA-chain, the CRL-error 3 disappears now. (The appending of CRLs to
the chain were not descriped in the manual!)

But the second issuer subject error makes me crazy.

I noticed that I have the same problems as descripted here:
http://www.mail-archive.com/openssl-users-MCmKBN63+***@public.gmane.org/msg30729.html .

My commands are:

openssl x509 -in ca_root/certs/cacert.crt -issuer -noout
openssl crl -in ca_root/crl/ca.pem -issuer -noout

The result is:

issuer= /C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Root
Certificate Signing Authority/CN=ViaThinkSoft Root Certificate Signing
Authority/emailAddress=certmaster-D5/***@public.gmane.org

issuer=/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Root
Certificate Signing Authority/CN=ViaThinkSoft Root Certificate Signing
Authority/emailAddress=certmaster-D5/***@public.gmane.org

Since the certificates are self-made, I am sure that there is no whitespace.

You can download the certificates and test it by your own here:

CRT: http://www.viathinksoft.de/ca/crt/root.crt
CRL: http://www.viathinksoft.de/ca/crl/root.crl

What can I do? I want to have these subject tests too.

Alas, I CANNOT change the openssl version since I already use the
latest stable of my debian system. The system administrator does not
allow me to enforce an update to an unstable version.

Regards
Daniel Marschall
Post by Daniel Marschall
Hello.
I have a problem with verification of certificates.
I have a root, a intermediate and a client certificate. Every
certificate has CRL information (client shows the intermediate CRL).
ViaThinkSoft Root Certificate Signing Authority (CRL: Root)
- ViaThinkSoft Intermediate Client Certificate Authority (CRL: Intermediate)
- - Daniel Marschall (CRL: Intermediate)
At the verification process I get 2 types of errors
1. Issuer subject name errors
2. A CRL-Retriving error
How can I solve these errors?
cat root.crt > tmp_cachain.pem
cat intermediate.crt >> tmp_cachain.pem
openssl verify -verbose -issuer_checks -crl_check_all -CAfile
tmp_cachain.pem daniel-marschall.crt
/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Developers/CN=Daniel
error 29 at 0 depth lookup:subject issuer mismatch
/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Developers/CN=Daniel
error 29 at 0 depth lookup:subject issuer mismatch
/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Developers/CN=Daniel
error 29 at 0 depth lookup:subject issuer mismatch
/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Intermediate
Client Certificate Authority/CN=ViaThinkSoft Intermediate Client
error 29 at 0 depth lookup:subject issuer mismatch
/C=DE/ST=Baden-Wuerttemberg/L=Bammental/O=ViaThinkSoft/OU=Developers/CN=Daniel
error 3 at 0 depth lookup:unable to get certificate CRL
The CRL URIs are stored in the certificates. I expect that the verify
tool downloads the CRLs to simulate if the verification process would
work at the client's side.
My OpenSSL version is OpenSSL 0.9.8c 05 Sep 2006 (CANNOT change!)
Can you please help?
-----BEGIN CERTIFICATE-----
MIIKqzCCCJOgAwIBAgIBADANBgkqhkiG9w0BAQUFADCB5zELMAkGA1UEBhMCREUx
GzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBxMJQmFtbWVudGFs
MRUwEwYDVQQKEwxWaWFUaGlua1NvZnQxKzApBgNVBAsTIlJvb3QgQ2VydGlmaWNh
dGUgU2lnbmluZyBBdXRob3JpdHkxODA2BgNVBAMTL1ZpYVRoaW5rU29mdCBSb290
IENlcnRpZmljYXRlIFNpZ25pbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpj
ZXJ0bWFzdGVyQHZpYXRoaW5rc29mdC5kZTAeFw0wOTEwMjUxNDIzMjVaFw0zNDA2
MTYxNDIzMjVaMIHnMQswCQYDVQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0
ZW1iZXJnMRIwEAYDVQQHEwlCYW1tZW50YWwxFTATBgNVBAoTDFZpYVRoaW5rU29m
dDErMCkGA1UECxMiUm9vdCBDZXJ0aWZpY2F0ZSBTaWduaW5nIEF1dGhvcml0eTE4
MDYGA1UEAxMvVmlhVGhpbmtTb2Z0IFJvb3QgQ2VydGlmaWNhdGUgU2lnbmluZyBB
dXRob3JpdHkxKTAnBgkqhkiG9w0BCQEWGmNlcnRtYXN0ZXJAdmlhdGhpbmtzb2Z0
LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzmprzkEs1EQM0OQA
oP3p19BqyzV4cyKtYPpN1oxqVXZHrh1rI+ndMIPLRQ/bDCDy/XkJR6UGHihz7ngo
Fj6uNsTg3SuyHJutj3rw77R5UtqH7SsDzXj/gpUwDyiHN0/fc7pbEu/6KEugZSYb
F/x9JK9wq6o/e541upJ0pxfND7rc2iWIcyGWsr2I3omuSbLA/LobzKEPiWosMjTy
db0HxcrKC5pb7vvB8uBygryDJIDaW8S/wefXVOyj7dVdDoDm3RcB/QCZlT678mTL
hCQ5moVllZW9etqN74WLdXv3jS2SC1E39nkGjhECnoWvOlk/waRokmlSDzGb+QbJ
br/2F3iwgiAUsYtCCyae4FGKWURVfTyVuIZTHFKfWQQCosPPrdiij+tEvWgdFNvN
W9dbVsUtRfjfhMgahlepVtT3HYpr92+JotYdGvF3fiA8OoH/re9q3m8Y8GGXBkPo
jSqCPVl68AfttlbTUTIVpofsjdPOlQ5paxVFCuUkiPgq9N7UKni/I4K4l5SsS4XS
7tBA5CKEzXfxuoEN8THfF6ymPEKiBrnTwm1Ulkc6uM5+8BBrbAQCtlO+GHIuE5sI
TksX+hpazbMegoVg08KuDNih30af4UItRY4IshNBUvQmjLYgtXBEwLJqcpCy8tCb
UVhZnw4tqc0czRj1PVrMIUIo0V0CAwEAAaOCBF4wggRaMB0GA1UdDgQWBBTXTW0w
GMN2N7SmyanHRhF1jNKXODCCARYGA1UdIwSCAQ0wggEJgBTXTW0wGMN2N7SmyanH
RhF1jNKXOKGB7aSB6jCB5zELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1
ZXJ0dGVtYmVyZzESMBAGA1UEBxMJQmFtbWVudGFsMRUwEwYDVQQKEwxWaWFUaGlu
a1NvZnQxKzApBgNVBAsTIlJvb3QgQ2VydGlmaWNhdGUgU2lnbmluZyBBdXRob3Jp
dHkxODA2BgNVBAMTL1ZpYVRoaW5rU29mdCBSb290IENlcnRpZmljYXRlIFNpZ25p
bmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpjZXJ0bWFzdGVyQHZpYXRoaW5r
c29mdC5kZYIBADAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjCBjgYDVR0l
BIGGMIGDBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYI
KwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEGCisG
AQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEAQYIKwYBBQUHAwkwJQYDVR0R
BB4wHIEaY2VydG1hc3RlckB2aWF0aGlua3NvZnQuZGUwJQYDVR0SBB4wHIEaY2Vy
dG1hc3RlckB2aWF0aGlua3NvZnQuZGUwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDov
L3d3dy52aWF0aGlua3NvZnQuZGUvY2EvY3JsL3Jvb3QuY3JsMBEGCWCGSAGG+EIB
AQQEAwIABzA0BglghkgBhvhCAQMEJxYlaHR0cDovL3d3dy52aWF0aGlua3NvZnQu
ZGUvY2EvcmV2b2tlLzA5BglghkgBhvhCAQQELBYqaHR0cDovL3d3dy52aWF0aGlu
a3NvZnQuZGUvY2EvY3JsL3Jvb3QuY3JsMDQGCWCGSAGG+EIBCAQnFiVodHRwOi8v
d3d3LnZpYXRoaW5rc29mdC5kZS9jYS9wb2xpY3kvMC0GCWCGSAGG+EIBAgQgFh5o
dHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS8wfAYIKwYBBQUHAQEEcDBuMDQG
CCsGAQUFBzABhihodHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS9vY3NwL3Jv
b3QvMDYGCCsGAQUFBzAChipodHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS9j
cnQvcm9vdC5jcnQwOQYJYIZIAYb4QgEHBCwWKmh0dHA6Ly93d3cudmlhdGhpbmtz
b2Z0LmRlL2NhL2NydC9yb290LmNydDBDBgNVHSAEPDA6MDgGAQAwMzAxBggrBgEF
BQcCARYlaHR0cDovL3d3dy52aWF0aGlua3NvZnQuZGUvY2EvcG9saWN5LzANBgkq
hkiG9w0BAQUFAAOCAgEAkv/dFhQaFKP5MfeNAdX+wIbsn2ceAYk8kwhDkZ/FjO62
Mst+igucTrs6C8YTeLjuZNXWdpq/9uagtu6QNyIE3DlLjzZhUf3dvYtUFwj85236
7dO1giEUyoox+XIHwWIMhvQTpdQP66IXfsFSRkCAX2fDyvk/IcL+wXG8Fz2PMotd
iTh8WrxU853OXFK6w2S5STqBoHMOqhqLkwwAalThs/E2Ainp8xrHEBnEnIDDJWYC
vVU+q3oT0AvlMd52KFwN80ZZbzrJu6zdacuJZd32JTFG9589Gp2f/ZKdCFykKlju
of7onNBltyEsV/9w35A1A5h/eQqw/J5tg16Na2Xsaab00+t7GcM027pGpMvzzDjW
O7XShcbF/QtM4k4Ze8WrVYKPpFac31MSWYmu2g41FEBbBvzVFgG7A+USW2UJtAlq
Gk/ix7uoOjfSIAiQE6Xn6PLkpScGyoNiqCcQwEIzIwWeGi++HKbpEO9KIa39kIo6
GlESuU5A0ia9cPKp8NHbv1n7G6+F/YCooFxjvfUMR1F+T0Cm2uPVVMJMQfV4kHIt
G9e22XJLHk3wm1mpal293qiM8A7em4TfigczcMQjOc3Y67OSNZCF0PKM0MpaUK9J
kckK/Dh6yOH8POx+aY73qJThrwYdE1ak/ml1u2X7ml0nwahQLGdpaCbEtEXvtNE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIKijCCCHKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCB5zELMAkGA1UEBhMCREUx
GzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBxMJQmFtbWVudGFs
MRUwEwYDVQQKEwxWaWFUaGlua1NvZnQxKzApBgNVBAsTIlJvb3QgQ2VydGlmaWNh
dGUgU2lnbmluZyBBdXRob3JpdHkxODA2BgNVBAMTL1ZpYVRoaW5rU29mdCBSb290
IENlcnRpZmljYXRlIFNpZ25pbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpj
ZXJ0bWFzdGVyQHZpYXRoaW5rc29mdC5kZTAeFw0wOTEwMjUxNDI0MDZaFw0zNDA2
MTYxNDI0MDZaMIH1MQswCQYDVQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0
ZW1iZXJnMRIwEAYDVQQHEwlCYW1tZW50YWwxFTATBgNVBAoTDFZpYVRoaW5rU29m
dDEyMDAGA1UECxMpSW50ZXJtZWRpYXRlIENsaWVudCBDZXJ0aWZpY2F0ZSBBdXRo
b3JpdHkxPzA9BgNVBAMTNlZpYVRoaW5rU29mdCBJbnRlcm1lZGlhdGUgQ2xpZW50
IENlcnRpZmljYXRlIEF1dGhvcml0eTEpMCcGCSqGSIb3DQEJARYaY2VydG1hc3Rl
ckB2aWF0aGlua3NvZnQuZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQDG98FYiC6ugK1c7sjNIKjmqrmiEqcc11zJhC+qkEUbl8yp9q8zRBzaXSVoFYG7
+aESdau1MPJWcbIuXjTeSf66wCZwiF8QY8e8to5b/o5QE5VHwJyCH609zBXJlwDK
+0kQHeTIOproiVXHUiyhUrY0cSuoPvqXaxFZtb6cIkYXh/IbOd2lI4ENNomH+oxV
Zs10tEISGuOXN3RarPizq2dCDbl3RWHWtPJW7LCK4O8WVO/4FrSFTQQArx2jSG+0
8VXoXuFRCjyjXVn/3+QDFjJYUUsYqz6thQidqLsUGKmhucaF2dGA21w/S86crcQm
0n4mef3lnMUjchNQFlQXfKIlzyUJIDVQ+uu1YGAt3+FeOHyqzi48ZjuVQ1bNxCnl
XGqInbqHopUc9FDgnZOptupV+OKtWX/Xpqk84ikbbvhzuoqnFNILNKcXmEcK49Rr
anpdatSKtseN0NKycHGf//8khNWHjGRoFqAUaL0WeNW9i8XGBMBqTVVfStYdjqT9
H8OHgsIS4KCSbeRdrfCib20UUnC98tS8FGk+QUIrcc/2O5cSra8TnqlXbl1/1LYi
/TbAZ/LAexUUuKCej6cwNA07avNLSsWogSNGTBCiLo3VaWNIgGrhNYnGsQhMg/++
X1OuGmIqqylk0ULdvUFyVBdEnSJXFwdg4Vc4MGUp/slizQIDAQABo4IELzCCBCsw
HQYDVR0OBBYEFCPJ71NtqCw2JN6KONc6TCqHaKIgMIIBFgYDVR0jBIIBDTCCAQmA
FNdNbTAYw3Y3tKbJqcdGEXWM0pc4oYHtpIHqMIHnMQswCQYDVQQGEwJERTEbMBkG
A1UECBMSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHEwlCYW1tZW50YWwxFTAT
BgNVBAoTDFZpYVRoaW5rU29mdDErMCkGA1UECxMiUm9vdCBDZXJ0aWZpY2F0ZSBT
aWduaW5nIEF1dGhvcml0eTE4MDYGA1UEAxMvVmlhVGhpbmtTb2Z0IFJvb3QgQ2Vy
dGlmaWNhdGUgU2lnbmluZyBBdXRob3JpdHkxKTAnBgkqhkiG9w0BCQEWGmNlcnRt
YXN0ZXJAdmlhdGhpbmtzb2Z0LmRlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD
VR0PBAQDAgEGME0GA1UdJQEB/wRDMEEGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYB
BAGCNwoDBAYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEFBQcDCTAlBgNVHREE
HjAcgRpjZXJ0bWFzdGVyQHZpYXRoaW5rc29mdC5kZTAlBgNVHRIEHjAcgRpjZXJ0
bWFzdGVyQHZpYXRoaW5rc29mdC5kZTA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8v
d3d3LnZpYXRoaW5rc29mdC5kZS9jYS9jcmwvY2xpZW50LmNybDARBglghkgBhvhC
AQEEBAMCAQYwNAYJYIZIAYb4QgEDBCcWJWh0dHA6Ly93d3cudmlhdGhpbmtzb2Z0
LmRlL2NhL3Jldm9rZS8wOwYJYIZIAYb4QgEEBC4WLGh0dHA6Ly93d3cudmlhdGhp
bmtzb2Z0LmRlL2NhL2NybC9jbGllbnQuY3JsMDQGCWCGSAGG+EIBCAQnFiVodHRw
Oi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS9wb2xpY3kvMC0GCWCGSAGG+EIBAgQg
Fh5odHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS8wfgYIKwYBBQUHAQEEcjBw
MDYGCCsGAQUFBzABhipodHRwOi8vd3d3LnZpYXRoaW5rc29mdC5kZS9jYS9vY3Nw
L2NsaWVudC8wNgYIKwYBBQUHMAKGKmh0dHA6Ly93d3cudmlhdGhpbmtzb2Z0LmRl
L2NhL2NydC9yb290LmNydDA7BglghkgBhvhCAQcELhYsaHR0cDovL3d3dy52aWF0
aGlua3NvZnQuZGUvY2EvY3J0L2NsaWVudC5jcnQwSwYDVR0gBEQwQjAGBgRVHSAA
MDgGAQAwMzAxBggrBgEFBQcCARYlaHR0cDovL3d3dy52aWF0aGlua3NvZnQuZGUv
Y2EvcG9saWN5LzANBgkqhkiG9w0BAQUFAAOCAgEAijxbdLlgXmh1mtKim6v6JkWb
PmYaryCEkJI1hYNF4/4UpPxk2glhwAzA+fO9GWo3ta0c00ocmqXOZ3ZQZ4yD0Li3
ALbctFVT/GsDEIHYA9hm7R29w9nja2xVFf/PADnF8LXdP4Avk39U3mdUvm8X9D5F
SMjE8abFniXTF1niFxjHfj+AgKb0FpuIsNj5rxnGIvVRcDkmpvl1xok7u7+/0xzr
dEBcQZeiCnWy16PnC6DIVeQ8gytyT13YAGnG6R/nPNJB24s2jMH9IhWTw+1XYg78
/MubRAfGsGx3cJnbi7oLhyDYcHV8k6Kf4c/qkJLo5dBEmv6YqML/bXyXRXvFcQ92
kwLA/esntMaJjCuskiLm4aJveMHydHBtJvmHACnQt2LpEZoeZWSZrJebIrTgFlM0
8NNyeCug6+sDpWezhOoQwHXzZekOPKjwctP4PIma7ybgQ/sHoqhR1S9dm10mCmfM
nKFSQYKpMxAlFjaeIcIQa42fOzQv7k7FNs1V7xPSrZjmC6OJ7XTkJw7CAbeOOsmD
G4CVKbET4wW+ugx6GHF7yaM+CiE2CG6OuOH9A0kGKheO5IM2uKSlddZZCOHuMTxc
BWibFPJ8IcoHwlQgCB69P0283P9Mo8ZyyH5JrIaSP3HhbW0Vvj1wuv6KEm8247ZC
ie14uy60mJTLVnaxerg=
-----END CERTIFICATE-----
PS: Is OCSP not checked with the verify tool?
Best regards
Daniel Marschall
--
Daniel Marschall
www.daniel-marschall.de
+49 6223 488840
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Loading...